I messed with it on 2.1 beta and noticed the same thing. I'm using radius2 as well , I had to re save CP and radius users to get things working again with the redirect url blank.

@krankykoder:

How about squid & squidguard?

EDIT: Or… don't use captive portal. If you're taking the time to add the mac id's into captive portal, you my as well tick the box on your DHCP server to deny unknown clients.

can squid and squid guard monitor users' usages? if yes then please guide me to any guide / book related to how i can activate them.

secondly, i have different bandwidth rate limits on different users, so i have to use Pass through mac option to set their rate limits, if you got any other idea to limit speeds then share it :)

@wallabybob:

Since you didn't say what you tried and how it failed to work for you it isnot possible to say if it didn't work for you because you didn't quite do things properly. For example, it is easy to forget to reset firewall states after tweaking firewall rules.

Perhaps a scheduled firewall rule (allow access to site aaa from 4pm to 5pm Mon-Fri) followed by a rule (block access to site aaa) would do something like what you want.

I described what I am after in the first post.  A scheduled firewall rule doesn't meet my needs but thanks for your input.  In short, I am after a function that will allow me to limit elapsed time a user can spend on a couple of specific websites (time quota if you will).  If CP could be enforced to do this on only certain URL's that would meet my needs.  I don't want to punish the whole family with having to login into CP just because I want to setup elapsed time quotas against certain URL's.

Thanks for the report. Glad you have it working.

@mamaeggplant:

I am having this exact issue. I tested the new pages on a VM and it all worked fine, but when I put the pages on the firewall, the captive portal login will not work. PortalAuth log shows no logins.

Please start a new thread, don't hijack someone else's. Post the contents of your portal page there.

ah I found this Feature Request http://redmine.pfsense.org/issues/2152 that reflects exactly what I have been asking.

Most commonly that's because you're not using the DNS forwarder as your clients' DNS server and don't have a passthrough for the DNS servers so you're blocking DNS.

afaik you can intercept the traffic using a transparent squid instance and use squidguard for black/whitelisting URLs

Just a reminder, inbound states are not indicative of traffic but the presence of outbound traffic. It wasn't until I started pulling captures that I started seeing the lack of return traffic. We have put bypasses in our Websense system for the WAN ip of pfSense and amazingly it started working.

Thanks to those that replied. I am looking forward to the next version of the pfsense definitive guide. I hope that it reaches into the technical depths a little more than the first one.

Best Regards,
Mac

Sorry for getting back late, thanks a lot for your help :D

But I end up digging those default files from a new install on virtual machines ;D
Here are the files I have got finally:
https://docs.google.com/open?id=0ByIVqCZFmC_2akhnUTdmQUhEN3c

I suspect the OP is referring to something like a MS Terminal Server where dozens or more users can be logged into the same machine simultaneously.

Portal authentications do not sync at this time.

Right you are:  http://redmine.pfsense.org/issues/2378

Fixed as of 6 days ago. Looking forward to it rolling out in 2.0.2.

No, I have about 100-200 concurrent users.

40K users are in Radius database.

@marcelloc:

Are you using squid in transparent mode?

yes i use it in transparent  ;D

@cmb:

don't put it in there, you can use port forwards to redirect DNS.

Would you provide an example please?

Don't mess with repeaters of any type. Not a good idea, and except for some proprietary solutions, not layer 2 transparent like you need. Install more hard-wired access points. I really like EnGenius in terms of value for money. Get a bunch of EnGenius EAP350's for indoors and ENH202's for outdoors. The ENH202 comes with a proprietary power injector. The EAP350 requires an 802.3af power injector or switch. Hook these units up to a switch off your pfSense box. Make sure to use only channels 1, 6, and 11 and keep overlap to a minimum (with n=3 reuse, you WILL have overlap. Ignore the people who propose using 1, 4, 8, 11 or 1, 4, 7, 11 to reduce overlap. Even Cisco once recommended that in the early days of Wi-Fi. Real world experience has shown even these minimally overlapping channels dramatically reduce throughput - far more than co-channel interference will. If you're outside North America, use 1,5,9,13 as long as you're okay with some devices not being able to connect on channel 13. 1,5,9,13 are non-overlapping for 802.11g and 802.11n and almost non-overlapping for 802.11b).

I really love the EnGenius product line, and their customer support is great. They don't do everything, but for the money, they're excellent and have good range - great stability - and support up to 4 VLAN-isolated VAPs and VLAN management.

My second choice would be anything that can run DD-WRT. MUCH harder to use and configure, less stable unless you play with finding the right build, but has a ton of capabilities. I'm using some Buffalo WHR-HP-G300N's as AP's in various installs. DD-WRT 18777 is stable on these, though most other build's (INCLUDING BUFFALO'S OFFICIAL BUILDS) are horrifically unstable. Like them a lot for the money (about $40 a piece). No Power over Ethernet, desktop style box. But cheap and capable.

I'm also really interested in trying the MikroTik product, but this adds even more complexity. Great prices though.

EnGenius/Senao is easy to use, has great range/stability, great customer service, and works very well.

I have no affiliation with any of these companies, just saying what I use and am satisfied with!

thanks for this

Try if this will help you:
http://redmine.pfsense.org/issues/2164

If not it would be probably the best to post this in the "Post a bounty" section.
http://forum.pfsense.org/index.php/board,34.0.html